could run into a number of operational issues that can result in additional risk and less visibility in the environment.

The latest virtualization platforms are beginning to make it more complex to define who has overall control of virtual machines, said network security expert and cloud computing blogger Chris Hoff, who serves as technical director of the Cloud Security Alliance, a non-profit organization launched this week to promote virtualization best practices. He said the next platform releases will also make the technology even more complicated.

Hoff was one of several participants Wednesday in a virtualization security best practices panel at RSA. Vendors are adding capabilities, such as the integration of third party virtual switching. This week, virtualization software leader VMware Inc. released vSphere, a product that brings data centers into private clouds. The product now comes equipped with a bevy of new features designed for rapid deployments of multiple virtual machines.

Panelists said the future will get murkier when vendors add switching capabilities into the CPU, including interaction with Cisco Systems Inc.'s Nexus switches. Soon, Hoff said, blade server environments will allow virtual machines to bypass the hypervisors altogether.

"I'd like to figure out where the network is in that picture," Hoff said. "We think we have problems today with tapped span ports. What happens with CPU and network switching? We're going to have issues trying to figure out where our packets are, where they're going and where they've been."

Dave Shackleford, a virtualization security expert and chief security officer of Colorado-based software provider Configuresoft Inc., said the visibility issue is one of the biggest problems that need to be addressed. The same controls implemented to harden a physical operating system should be deployed for virtual machines.

"It's really damn hard to secure what you can't see," he added.

Problems are also arising when companies virtualize machines without understanding the network architecture and topology, said panelist Rob Randell, a senior security specialist at VMware Inc.

In regard to virtualization, Randell said, "There's not a single technology out there that you can say, 'Yup, I can plop it in, and I'm secure.'"

SearchSecurity.com and Information Security magazine editors are in San Francisco to bring you the biggest RSA Conference 2009 news stories, interviews, podcasts, videos and more.

Tools are available to help solve the most common issues, and organizations are learning that anything that can be done for physical servers can be done on virtual machines, Randell said. For example, a company can put a virtual machine in isolated mode for patching and then put it back into production.

VMware also released its VMsafe APIs this week, enabling third-party security vendors to tap into the VMware hypervisor to provide agentless protection of virtual machines. About 50 vendors have applied to gain access to the VMware APIs, Randell said, and the first security products should be released this summer.

Still, some experts argue that additional capabilities being provided by VMware, such as VMotion software products that enable companies to move live, running virtual machines from one host to another, complicate the process of securing virtual environments. But Hoff said that technical challenges, like monitoring workload mobility issues, are overblown. Very few organizations have a need to use the mobility features, he said.

"When we talk about virtualization, the networking elements and constructs on how to provision networks are constraining mobility," he said.
